The First Line of Defense for Industrial Cybersecurity


January 6, 2022

By Alvis Chen, Global Marketing, Integrated Marketing Project Manager, Moxa

In the IIoT era, previously unconnected systems are now connected over private or public networks in order to gain more insights and improve productivity. The downside of this greater connectivity is that industrial networks are no longer immune to cyberthreats. The upside is a growing chorus of experts who are sharing their knowledge to help shore up cybersecurity in industrial networks.

Generally speaking, two methods are available for implementing industrial cybersecurity. One method is to secure the foundation of a network infrastructure and only allow authorized traffic to flow to the designated areas. The other method involves identifying critical assets and applying layered protection. Industrial secure routers and firewalls are essential to both of these methods as they are deployed at the front lines to prevent unauthorized access and traffic to industrial networks.

Key Criteria for Choosing Industrial Secure Routers and Firewalls

Industrial control systems can apply a defense-in-depth approach to protect critical equipment and secure various locations, device cells, function zones, and factory sites on an automation network.

Defense-in-depth cybersecurity includes three types of controls: physical, technical, and administrative. First, implement physical controls by segmenting the network and creating boundaries between each segment. Next, apply technical controls by securing network traffic or filtering data packets. Lastly, enhance administrative security by managing IP addresses and adopting strong security policies. Secure routers and firewalls provide an excellent way to achieve defense-in-depth cybersecurity on your network, but how do you choose the right router or firewall for your industrial application? Consider the following three criteria.


1. Adding Firewalls Without Changing Your Network

Network segmentation involves breaking down the network into physical or logical zones with industrial firewalls. A firewall is an access control device that looks at the IP packet, compares the packet with preconfigured policy rules, and decides whether to allow, deny, or take some other action on the packet. Generally speaking, firewalls can be either routed or transparent, and the type you will need depends on the requirements of your application. Unlike routed firewalls, transparent firewalls allow you to keep the same subnet so that you can easily add firewalls to an existing network.

With transparent firewalls, you also do not need to change the network topology. Transparent firewalls are suitable for protecting critical devices or equipment inside a control network where network traffic is exchanged within a single subnet. Furthermore, you do not need to reconfigure IP subnets because transparent firewalls do not participate in the routing process.


2. Detect Threats and Protect Critical Data

Firewalls are akin to gatekeepers. Unfortunately, determined intruders may still be able to get through the gates on a segmented network. That’s why you need to constantly check the traffic that passes through the gates you have established. One way to achieve this is to filter out unwanted commands, such as write or configure commands, that could cause industrial processes to fail when they are needed or to trigger a safe state unnecessarily during production.

Therefore, it is important for industrial secure routers and firewalls to support industrial protocol filtering at the command level — read, write, etc. — for more fine-grained whitelisting control. To secure the transmission of confidential data, consider building secure tunnels for site-to-site communications. In some scenarios, communications over public or untrusted networks will definitely require secure encrypted data transmissions. Under such circumstances, consider VPN capability when choosing industrial secure routers and firewalls.
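The command-level allowlisting described above, sketched for Modbus/TCP as an added example (not from the original article or from any vendor's product). The choice of Modbus/TCP, the IP addresses, the unit ID, and the policy table are assumptions for illustration; the sample frames are constructed.

```python
import struct

# Modbus function codes from the public Modbus application protocol spec.
READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers",
               22: "Mask Write Register", 23: "Read/Write Multiple Registers"}

# Hypothetical policy: (client IP, unit id) -> allowed function codes.
# Anything not listed is denied (default deny).
POLICY = {
    ("10.0.10.5", 1): set(READ_CODES),            # HMI: read-only
    ("10.0.10.9", 1): set(READ_CODES) | {6, 16},  # engineering station
}

def inspect(src_ip, payload):
    """Return (verdict, reason) for one Modbus/TCP request payload."""
    if len(payload) < 8:
        return "deny", "truncated frame"
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        return "deny", "protocol id is not Modbus"
    # MBAP length counts unit id + PDU; a mismatch means a malformed frame.
    if length != len(payload) - 6:
        return "deny", "length field mismatch"
    func = payload[7]
    name = READ_CODES.get(func) or WRITE_CODES.get(func) or f"function {func}"
    if func in POLICY.get((src_ip, unit), set()):
        return "allow", name
    return "deny", f"{name} not allowlisted for {src_ip} unit {unit}"

def frame(unit, func, data, tid=1):
    """Build a constructed sample request (MBAP header + PDU)."""
    pdu = bytes([func]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

SAMPLES = [  # constructed traffic, not captured from a real network
    ("10.0.10.5", frame(1, 3, struct.pack(">HH", 0, 10))),          # HMI read
    ("10.0.10.5", frame(1, 6, struct.pack(">HH", 4, 1234))),        # HMI write
    ("10.0.10.9", frame(1, 16, struct.pack(">HHBH", 0, 1, 2, 99))), # eng. write
    ("10.0.10.77", frame(1, 3, struct.pack(">HH", 0, 1))),          # unknown host
    ("10.0.10.5", frame(1, 3, b"\x00\x00\x00\x0a") + b"\x00"),      # bad length
]

if __name__ == "__main__":
    for ip, pkt in SAMPLES:
        print(ip, *inspect(ip, pkt))
```

The read-only HMI is denied as soon as it issues a write, while the engineering station's register writes pass; frames from unlisted hosts or with an inconsistent length field are dropped before the function code is considered.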

3. Getting Firewalls and Network Under Control

In industrial applications, hundreds or thousands of firewalls could be installed to control data traffic and protect field equipment from malicious attacks. Furthermore, even more IP addresses could be on a network. As networks continue to expand, managing all of the devices, firewall rules, and IP addresses becomes more complicated. Therefore, network address translation (NAT) provides a very important function when deploying industrial secure routers and firewalls. NAT allows the reuse of machine IP address schemes on the same network and the connection of multiple devices to the Internet, using a smaller number of IP addresses. This not only significantly reduces maintenance efforts and administrative overhead, but also provides simple network segmentation. In addition, it enhances security for private networks by keeping internal addressing private from the external network.

Final Thoughts

Finding the right secure router or firewall for an application brings you to the halfway mark in successfully beefing up industrial network security. Using three criteria to help you make the right choice can remove some of the guesswork. For instance, a highly integrated industrial multiport secure router with firewall/NAT/VPN and managed Layer 2 switch functions provides everything that is needed. Nevertheless, whatever solution you ultimately choose, it should fit the specific application requirements.
